[rt-users] Session take over while using RT::Authen::External

Thomas Sibley trs at bestpractical.com
Thu Mar 3 13:07:35 EST 2011


On 03 Mar 2011 13:03, Michael Polivanov wrote:
> We have discovered a very unpleasant behavior of RT if used with
> RT::Authen::External module with LDAP authentication enabled. The
> problem is that sometimes a RT site visitor (no credentials entered,
> no cookie set) gets automatically logged in with a session of another
> user, that was active before on another workstation. So user A gets
> into RT as user B without knowing the login credentials from user B.

Is there a proxy between RT and your workstations?

Thomas



More information about the rt-users mailing list